Is this just because ClamWin stuck a scanned infected file there and MSSE noticed it?

GuitarBob

Joined: 09 Jul 2006

Posts: 4410

Location: USA

Posted: Wed Feb 01, 2017 11:49 pm

ClamWin uses temporary files during scanning. If another AV detects something in a ClamWin temp file while ClamWin is scanning, it might be detecting either a file being scanned or a virus signature being used in the scan. This happens occasionally. To prevent this, I exclude the clamwin.tmp files from Security Essentials' scans. I also exclude every .exe file in the ClamWin\bin folder from Security Essentials' scans as processes that are not to be scanned. I also exclude the ClamWin\data folders for quarantine and db (database signatures). MSSE and ClamWin work pretty well together if you do this.

Thanks for using ClamWin!

Regards,

davehatpec

Joined: 01 Feb 2017

Posts: 6

Posted: Sun Feb 05, 2017 5:38 pm

Thanks, I'll look into that.

I noticed possibly a bug while trying to read ClamWin's scan log:

[img]http://imgur.com/a/qDIi1[/img]

Why is the path of the first virus found chopped off at the beginning? It just says oogle\Chrome\User Data\Default\Cache\f_000885: Swf.Exploit.CVE_2016_7874-5351170-0 FOUND

Why is it doing that?

GuitarBob

Joined: 09 Jul 2006

Posts: 4410

Location: USA

Posted: Sun Feb 05, 2017 7:36 pm

If there is really a preceding G in the address, it is probably a bug or it exceeds a size limit--in which case it would probably truncate the last item instead of the first.

We'll mention this to the developers.

Regards,

davehatpec

Joined: 01 Feb 2017

Posts: 6

Posted: Wed May 17, 2017 4:04 am

GuitarBob wrote:

If there is really a preceding G in the address, it is probably a bug or it exceeds a size limit--in which case it would probably truncate the last item instead of the first.

We'll mention this to the developers.

Regards,

So this now pops up every week (probably due to some false flag in ClamWin), and here's the actual result from MSSE:

The folder its found in is Temp, which I don't want to ignore, and the file found is *.clamtmp, so do I just put that into MSSE ignore?